From 06715654332f4b468b3729e125659dbd8f2b6605 Mon Sep 17 00:00:00 2001 From: duffyduck Date: Fri, 1 May 2026 20:05:37 +0200 Subject: [PATCH] =?UTF-8?q?docker:=20Runtime=20auf=20node:20-slim=20(Alpin?= =?UTF-8?q?e=E2=86=92Debian)=20=E2=80=93=20Prisma+TLS-Kompatibilit=C3=A4t?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bug: Im Container schlug Prisma + mariadb-Auth fehl. - Prisma-Engine `linux-musl` braucht libssl.so.1.1 → Alpine 3.19+ hat nur openssl 3 → "shared library libssl.so.1.1 not found" - mariadb-client unter Alpine warf "TLS/SSL error: SSL is required" Fix: alle Stages (Frontend-build, Backend-build, Runtime) auf node:20-slim (Debian-bookworm). glibc + openssl 3 ABI-kompatibel, Prisma generiert linux-debian-Engine korrekt. Plus: .dockerignore um data/, plesktest/, backup-Klone erweitert (Build-Context war u.a. wegen MariaDB-Files mit restricted Permissions nicht lesbar). Plus: docker-compose.yml: version: '3.8' für docker-compose v1 Kompatibilität. Live-verifiziert: docker-compose up -d --build → alle 3 Container healthy, Login funktioniert, alte DB-Daten (3 Kunden, 15 Verträge, 144 SecurityEvents) erhalten via Volume-zu-Bind-Mount-Migration. Co-Authored-By: Claude Opus 4.7 (1M context) --- .dockerignore | 9 +++++++++ backend/Dockerfile | 17 ++++++++++++++--- docker-compose.yml | 12 +++++++++--- 3 files changed, 32 insertions(+), 6 deletions(-) diff --git a/.dockerignore b/.dockerignore index c3195c4c..69eb0b37 100644 --- a/.dockerignore +++ b/.dockerignore @@ -46,6 +46,15 @@ backups backend/uploads backend/backups +# Daten-Verzeichnis (Bind-Mounts zur Laufzeit, nicht im Build-Context) +data/ + +# Plesk-Test (nicht für Container) +plesktest/ + +# Backup-Klone des Repos +opencrm-backup-*/ + # Prisma migrations (included, but not dev db) *.db *.db-journal diff --git a/backend/Dockerfile b/backend/Dockerfile index 1ffec09f..85d5d55b 100644 --- a/backend/Dockerfile +++ b/backend/Dockerfile @@ -1,8 +1,11 @@ # Multi-Stage Build: Frontend bauen, dann Backend bauen, dann schlankes Runtime-Image # --------------------------------------------------------------------------------- +# Alle Stages auf node:20-slim (Debian-basiert) – dann passt die Prisma-Query- +# Engine (glibc + openssl) zur Runtime. + # ============== STAGE 1: Frontend bauen ============== -FROM node:20-alpine AS frontend-builder +FROM node:20-slim AS frontend-builder WORKDIR /build/frontend COPY frontend/package.json frontend/package-lock.json ./ RUN npm ci --no-audit --no-fund --prefer-offline @@ -11,8 +14,10 @@ RUN npm run build # Output: /build/frontend/dist/ # ============== STAGE 2: Backend bauen (TS → JS) ============== -FROM node:20-alpine AS backend-builder +FROM node:20-slim AS backend-builder WORKDIR /build/backend +RUN apt-get update && apt-get install -y --no-install-recommends openssl \ + && rm -rf /var/lib/apt/lists/* COPY backend/package.json backend/package-lock.json ./ RUN npm ci --no-audit --no-fund --prefer-offline COPY backend/prisma ./prisma @@ -23,9 +28,15 @@ RUN npx tsc # Output: /build/backend/dist/ # ============== STAGE 3: Runtime ============== -FROM node:20-alpine +# Debian-slim statt Alpine: Prisma-Engines erwarten libssl 1.1, das in Alpine 3.19+ +# nicht mehr verfügbar ist. Slim hat openssl 3 ABI-kompatibel + native binaries. +FROM node:20-slim WORKDIR /app +# OpenSSL für Prisma-Query-Engine + wget für Healthcheck +RUN apt-get update && apt-get install -y --no-install-recommends openssl wget \ + && rm -rf /var/lib/apt/lists/* + # Nur Production-Dependencies + Prisma-Client COPY backend/package.json backend/package-lock.json ./ RUN npm ci --omit=dev --no-audit --no-fund --prefer-offline && npm cache clean --force diff --git a/docker-compose.yml b/docker-compose.yml index 5c74da63..4fa65b72 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,14 +1,20 @@ # OpenCRM – komplettes Setup: MariaDB + Backend/Frontend + Adminer # Konfiguration über ./.env (siehe ./.env.example) # -# Quick-Start: +# Quick-Start (Compose v2): # cp .env.example .env # Werte anpassen (Secrets rotieren!) # docker compose up -d # erstes Mal: holt Images, baut Backend, startet alles -# open http://localhost:${OPENCRM_PORT} # CRM -# open http://localhost:${ADMINER_PORT} # DB-UI +# Quick-Start (Compose v1, Legacy): +# docker-compose up -d +# +# Browser: +# http://localhost:${OPENCRM_PORT} # CRM +# http://localhost:${ADMINER_PORT} # DB-UI # # Daten liegen alle unter ./data/* – Bind-Mounts statt Volumes (auf Wunsch). +version: '3.8' + services: db: image: mariadb:10.11